...

Note

SecOps alert priorities vs. Devo alert priorities

Keep in mind that the priority levels used in SecOps alerts (shown above) do not correspond to the ones used in the common alerts defined in Devo. You can see the priority levels used in Devo when you create a new alert from the search window.

...

There are two types of lookups in SecOps: main lookups and multi-lookups.

  • Main lookups are available only on the domain where the SecOps app is installed. The Devo team installs these files, and Admin users can view and modify them. The most important lookup is SecOpsAlertDescription, which contains the list of predefined alerts used in SecOps.

  • Multi-lookups are available to all domains, but users cannot modify them. Some of them are SecOps configuration files, and others store security information that comes from MISP services. This information is updated on different schedules: some lookups are static (for example, CheckBackdoorConnection), some are updated weekly (for example, SuspiciousFileExtension), and others are updated daily (for example, Farsight feeds).

Devo SecOps provides customers with a set of predefined security alerts designed by experts, which are one of the basic aspects of the application. Users can tune these alerts according to their needs, or create new custom alerts and include them in the SecOps application.

...

Go to Security Operations Lookups for detailed information.

User roles in the Security Operations app

...